fastfish-format(article-wechat-xhs-format)
v1.0.2多渠道格式化与美化:公众号、小红书文章排版,30 套预设样式,配图编排指引。不包含发布。通过 system.run 调用 CLI,无需 MCP。当用户需要公众号格式整理、小红书文案格式化、Markdown 渲染、样式选择或配图流程指引时使用本技能。
⭐ 1· 566·4 current·4 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidencePurpose & Capability
The skill's name/description match the actions described in SKILL.md: it runs a Python CLI (ffformat_cli.py) to normalize/render WeChat and Xiaohongshu text and list styles. Declared requirement is only python3, which is proportionate to the stated purpose.
Instruction Scope
The SKILL.md instructs the agent to clone a GitHub repo and run its Python scripts (ffformat_cli.py) via system.run with JSON arguments; it restricts execution to those scripts and forbids exposing .env contents. This stays within the formatting scope, but the runtime execution of third‑party code (and recommending pip install) expands the trust boundary and relies on the agent to follow the restrictive rules.
Install Mechanism
There is no automated install spec in the registry; the README directs users to git clone and pip install from a GitHub repo. Clone + pip install can execute arbitrary code (setup.py, install hooks). The SKILL.md advises pinning tags and running in isolation, but the basic install mechanism is higher risk than an instruction-only skill that doesn't ask to fetch external code.
Credentials
The skill requires no environment variables for core formatting. It documents optional API keys (OPENAI_API_KEY, GOOGLE_API_KEY, DASHSCOPE_API_KEY) only when integrating image-generation via a separate baoyu-skills project. Those optional credentials are reasonable for that optional feature, but they are unrelated to core text formatting and should be provided only if the user enables image generation.
Persistence & Privilege
The skill is not marked always:true and does not request system-wide configuration or persistent privileges. It instructs optional installation into a workspace but does not demand elevated or always‑on privileges.
Assessment
This skill appears to do what it says (format and render articles) but it relies on cloning and pip-installing a third‑party GitHub repository. Before installing or asking an agent to install/run it: 1) Pin the repo to a specific release tag (do not install from an unpinned main branch). 2) Review the repository (or at least requirements.txt and setup files) for unexpected install hooks. 3) Run installation and execution in an isolated environment or container (avoid running as root). 4) Keep any API keys in a local .env and never paste them into the chat; only provide optional image-generation keys if you intend to use that feature. 5) Consider downloading an official release archive with a checksum or using a signed release if available. If you want a higher assurance reviewable before use, ask for the repository URL and a short checklist of files to inspect (setup.py/pyproject.toml, requirements.txt, scripts/ directory).Like a lobster shell, security has layers — review code before you run it.
latestvk97fjg1bpve3fayaqy7kwfpmms834m7y
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
Binspython3